A Secure Mapping Solution in LISP Networks

The Locator/ID Separation Protocol (LISP) has been widely recognized as a feasible solution to address routing scalability issues and to support host mobility. In the LISP network, when an Egress Tunnel Router (ETR) receives LISP-encapsulated packets from an Ingress Tunnel Router (ITR), it acquires new source identifier-to-locator mappings and stores them in its cache table. However, such a gleaning scheme introduces a security threat that malicious users can insert an amount of fake mappings to the cache, so the ETR has to send map-request messages to Mapping Servers (MSs), which adds excess signaling overhead and transmission delay.